Cyber Incident Victim: Eventials.com

The incident involving Eventials.com emerged in late December 2020 when a data breach broker advertised stolen user records from twenty-six companies on a hacker forum. Among these, Eventials.com was identified as one of eight previously undisclosed breaches, with 1.4 million user records offered for sale. This disclosure occurred alongside other newly exposed companies including Teespring.com, MyON.com, and Wahoofitness.com, collectively forming part of a 368.8 million-record dataset marketed by the broker. The broker established pricing tiers for some datasets—such as $3,800-$4,000 for Teespring—but had not finalized costs for Eventials.com and four other new breaches at the time of reporting. BleepingComputer verified the authenticity of sample data from multiple companies in the listing, though specific technical details regarding Eventials.com's breach methodology or intrusion timeline were not disclosed in available sources.

BleepingComputer contacted affected organizations without prior breach disclosures, but only MyON and Chqbook provided responses—MyON confirmed a July 2020 intrusion while denying exposure of sensitive student data, whereas Chqbook disputed the breach claim entirely. No public statement or breach notification from Eventials.com was documented in the report, contrasting with Teespring’s confirmed June 2020 incident that the company initially concealed using noindex HTML tags. The exposure of Eventials.com user records created credential-stuffing and phishing risks for its 1.4 million affected accounts, consistent with observed malicious activities targeting Teespring users post-breach. Historical precedents suggested sold datasets were typically legitimate, with companies often confirming breaches after public exposure. Cybersecurity practitioners advised password resets for all potentially impacted accounts across the twenty-six organizations, emphasizing unique credentials per service to limit cross-platform compromise.